- From: Amos Jeffries <squid3@treenet.co.nz>
- Date: Thu, 08 Nov 2012 11:50:14 +1300
- To: <ietf-http-wg@w3.org>
On 08.11.2012 07:17, Eitan Adler wrote: > On 7 November 2012 13:04, Tiffany B. Brown wrote: >> Hello all, >> >> I've recently submitted an RFC for a new HTTP header: >> Device-Stock-UA. >> Feedback is welcome. >> >> http://www.ietf.org/staging/draft-brown-device-stock-ua-00.txt > > It isn't at all clear to me that this solves the problem: > > - the stock services may have been changed. just because a browser > comes with a device by default doesn't mean it wasn't removed. > - the capabilities of the third party browser may differ from the > capabilities of the stock browser > - user agent shouldn't be use for capability detection in the first > place > - what does the (stock) user agent string have to do with "other > software that may be running in addition to the user agent"? ... and why must a new header be added with identical usage, syntax and handling as User-Agent be created to perform User-Agent operations? In section 4 the example does not match the BNF. Following the format: Device-Stock-UA = "Device-Stock-UA" ":" (User-Agent) User-Agent = <Defined in RFC2616 Section 14.43> We get: Device-Stock-UA: User-Agent: CERN-LineMode/2.15 libwww/2.17b3 Correcting that mistake the uselessness of creating this header becomes completely obvious: {{ Device-Stock-UA = "Device-Stock-UA" ":" 1*( product | comment ) User-Agent = "User-Agent" ":" 1*( product | comment ) }} You might as well define this as a listing of ALL software, Java class, active component, and hardware chip serial number installed on the device. Just in case some marketer or website wigit *might* want to know. Do you see the problem? If not have a look at IE6 UA string after a few hundred KB patches have been applied - utter mess useful only to help malicious attackers target specific missing patches. The operating UA is already free to embed the device stock UA into its own UA string using the same format. If it is making use of that UA capabilities to generate the request that is reasonable. I for one see zero benefit from creating this header. Amos
Received on Wednesday, 7 November 2012 22:50:45 UTC